diff --git a/ext/curl/interface.c b/ext/curl/interface.c
index 60481947ddde..66028aaf8284 100644
--- a/ext/curl/interface.c
+++ b/ext/curl/interface.c
@@ -1199,6 +1199,15 @@ static void _php_curl_set_default_options(php_curl *ch)
 if (cainfo && cainfo[0] != '\0') {
 curl_easy_setopt(ch->cp, CURLOPT_CAINFO, cainfo);
 }
+#if LIBCURL_VERSION_NUM >= 0x075400 /* Available since 7.71.0 */
+ /* Curl supports falling back to the native/OS root certificates
+ * if cainfo is not provided. When the php.ini cainfo is empty,
+ * setting CURLSSLOPT_NATIVE_CA enables this behavior.
+ */
+ else {
+ curl_easy_setopt(ch->cp, CURLOPT_SSL_OPTIONS, CURLSSLOPT_NATIVE_CA);
+ }
+#endif
 #ifdef ZTS
 curl_easy_setopt(ch->cp, CURLOPT_NOSIGNAL, 1);
diff --git a/ext/curl/tests/curl_native_ca.phpt b/ext/curl/tests/curl_native_ca.phpt
new file mode 100644
index 000000000000..6bb62d1d2862
--- /dev/null
+++ b/ext/curl/tests/curl_native_ca.phpt
@@ -0,0 +1,43 @@
+--TEST--
+Curl defaulting to default CA root store, especially in Windows
+--EXTENSIONS--
+curl
+--DESCRIPTION--
+On Windows, there is no fallback root CA store, so all HTTPS requests that require validation (default)
+fail by default. Curl >= 7.71.0 has a CURLOPT_SSL_OPTIONS = CURLSSLOPT_NATIVE_CA option that falls back
+to Windows root CA store.
+--SKIPIF--
+= 7.71.0");
+}
+
+?>
+--FILE--
+ true,
+ CURLOPT_SSL_VERIFYHOST => 2,
+ CURLOPT_SSL_VERIFYPEER => 1,
+ ]);
+
+ var_dump(__LINE__);
+ curl_exec($ch);
+ var_dump(__LINE__);
+ var_dump(curl_getinfo($ch, CURLINFO_SSL_VERIFYRESULT));
+ var_dump(__LINE__);
+ var_dump(ini_get('curl.cainfo'));
+ var_dump(__LINE__);
+ var_dump(curl_version());
+?>
+--EXPECT--
+int(0)
+dsdsad
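Review bot: The guard `#if LIBCURL_VERSION_NUM >= 0x075400` encodes libcurl 7.84.0, while the comment beside it says 7.71.0; libcurl's own documentation dates CURLSSLOPT_NATIVE_CA to 7.71.0, whose version number is `0x074700`, so builds against 7.71 through 7.83 silently compile the fallback out and keep the old behaviour of failing every verified HTTPS request on Windows when curl.cainfo is empty. Change the guard to `#if LIBCURL_VERSION_NUM >= 0x074700 /* CURLSSLOPT_NATIVE_CA since 7.71.0 */`. Placing the block comment between the closing `}` and the `else` also reads as if the `else` were orphaned; moving the comment inside the `else` body, or above the `if`, would make the pairing obvious at a glance. Since this is only a default set in _php_curl_set_default_options (whose body continues outside the hunk), a later userland `curl_setopt($ch, CURLOPT_SSL_OPTIONS, ...)` presumably replaces the whole bitmask rather than OR-ing into it, which deserves a sentence in the comment so readers know the native-store fallback is dropped as soon as any other SSL option is set.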
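Review bot: The `--EXPECT--` section (`int(0)` followed by `dsdsad`) cannot match the script's output, which begins with five `var_dump(__LINE__)` line numbers and ends with the environment-dependent `curl_version()` array, so the test fails on every platform regardless of the interface.c change; the expectation should pin only the value under test, keeping `var_dump(curl_getinfo($ch, CURLINFO_SSL_VERIFYRESULT));` with `int(0)` as the sole expected line and dropping the `__LINE__`, `ini_get` and `curl_version()` dumps. The `curl_exec($ch)` call looks like a live HTTPS request (the URL is not legible in this hunk), which makes the result depend on network access and on the machine's certificate store, so the SKIPIF should check for connectivity and should also skip when `curl.cainfo` is set in the ini, because the native-store path is never exercised in that case. If any platform-varying value has to stay, the section needs `--EXPECTF--` rather than `--EXPECT--`.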